IT Infrastructure Engineering

Definitions:Infrastructure engineering ensures that the IT infrastructure is sufficiently robust, scalable, and efficient to deliver the integrated services underlying the physical environment that supports the processes, physical resources, and operators required for developing, integrating, operating, and sustaining IT applications and support services. Physical resources include facilities, hardware, software, and tools. Operators include engineers, programmers, administrators, and help/service desk personnel. Infrastructure engineering support objectives ensure that a reliable, consistent level of service is available to infrastructure customers and IT service consumers—both human and machine.

Infrastructure operations address the day-to-day management and maintenance of IT services, systems, and applications, as well as the infrastructure, the geographic location, the facilities in which they are housed, and the energy, and hardware usage.

Skilled support resources and defined processes are key to infrastructure operations. These include systems and network administration, data center operations, help/service desks, network operations centers, and service level management.

Background

MITRE SEs take a systems engineering life-cycle approach to satisfy IT goals and objectives. Infrastructure engineering, IT operations, and service management expertise includes:

Implementation of Information Technology Service Management and Information Technology Infrastructure Library (ITIL) concepts and policies (For more details, see the IT Service Management article under this topic.)

Development of infrastructure strategy and IT operational policies, standards, and processes tailored to agency or department missions

Development of infrastructure and operational requirements in all phases of the system development life cycle

Development of asset management processes that support the provisioning, tracking, reporting, ownership, and financial status of IT assets

Infrastructure and operations security, such as network and application firewalls, authentication, identity and privilege management, and intrusion detection and prevention

Beyond technical deliverables, assist with various road shows, Technical Exchange Meetings (TEMs), and conferences to promote the importance of a solid infrastructure.

Government, Industry, and Commercial Interest in IT Infrastructure

In December 2010, the U.S. Federal Government Chief Information Officer released a 25 point action plan that concentrates on areas to reduce IT operating costs and to bring greater value through IT consolidation. The emphasis is on reducing data centers and migrating to lean and agile IT computing services [1].

The National Institute of Standards and Technology (NIST) took the lead to define cloud computing in the context of cost savings and "increased IT agility." This effort provided the momentum to challenge the rising and unsustainable costs in response to "difficult economic constraints." NIST is partnering with all stakeholders (including MITRE) to face the challenges of security, privacy, and other barriers that have hindered a broad adoption of cloud-based IT infrastructure [2, 3].

The U.S. General Services Administration (GSA) sought and adopted lightweight and agile IT infrastructure to support their common enterprise infrastructure (e.g., enterprise email) while reducing the costs and increasing the efficiency of the associated acquisition and deployment. GSA is also taking a lead role in deploying Software as a Service (SaaS) through the cloud.cio.gov portal [4]. This effort emphasizes compliance with Certification and Accreditation and FISMA [5] Moderate Impact Data security requirements prior to loading their applications to the store for distribution.

When designing a federal disaster recovery solution, MITRE SEs take into account Federal Information Processing Standards (FIPS) and NIST guidelines so that they will be supported by the end product [6, 7]. Here is a sample:

In addition, each agency typically has its own policies and guidelines that must also be addressed.

Best Practices and Lessons Learned

Translating business objectives into IT infrastructure needs. The most difficult part of infrastructure engineering is identifying the infrastructure requirements that form the basis for the physical environment, system, and application development process implied by the sponsor's business objectives. Business objectives, by definition, are not technological. Deriving the technical requirements for the IT infrastructure needed to support business objectives is a critical technical contribution. For example, translating a business need for enhanced distributed capabilities may require developing a Network Design guide that maps the technical principles for switching (e.g., VLANs, Ethernet, STP), routing (e.g., RIP, EIGRP, OSPF, ISIS, BGP), Quality of Service (QOS), and wiring/physical infrastructure to the business objectives. With such a guideline, clients can make technically supported decisions to meet their objectives.

Governance. Because infrastructure supports the entire range of an enterprise's IT needs, it requires broad coordination to continuously monitor and facilitate the performance and modernization of infrastructure projects across the enterprise. Governance defines the relationships among the Systems Development Life Cycle Management (SDLCM) methodology, Information Technology (IT) Capital Planning, Security, and Enterprise Architecture (EA) requirements and processes for deliverables and key phases. Plan for significant investments of time and resources in governance boards, outreach programs, and socializing change. (For more details, see the Enterprise Governance, IT Governance, and Transformation Planning and Organizational Change articles.)

Infrastructure evolution. Infrastructure engineering is distinguished from other IT efforts by the almost absolute necessity of incremental evolution. Infrastructure evolution is influenced by the transformation of business and technological needs. It is extremely rare for an enterprise to be able to switch from one infrastructure to another in one fell swoop. Plan and organize based on incremental change. Provision for operating both old and new infrastructure components in parallel. (For more details, see the articles in the Configuration Management topic.)

Service level agreements. Because the infrastructure supports the entire enterprise, it is impractical and inappropriate to organize interfaces around traditional interface control documents. Users (and potential users) of an infrastructure or shared core function demand a different kind of performance guarantee based on the one-to-many relationship between the owners of the infrastructure or shared function and their customers. This guarantee is captured in a service level agreement (SLA) that documents the expected performance and behavior of the infrastructure for use. Because the SLA is, in effect, an internal contract between the infrastructure and its users, infrastructure engineering must provide for precise measuring, monitoring, and reporting of the function's behavior in the design and in the operation—to the degree that the SLA can be enforced. This requires significantly more detail and rigor than is usually applied to just developing an infrastructure by itself.

Versioning and provisioning. Our sponsor's enterprise is usually large, complex, and widely distributed. As a consequence, it is virtually impossible to change every physical instance of an infrastructure component at one time. Plan for operating multiple versions of any infrastructure component being updated or replaced. It is common for a physically distributed enterprise to be operating two, three, or even four different versions of a single component at the same time. Account for multiple versions, not just for brief periods but continuously as the infrastructure evolves. (For more details, see the articles in the Configuration Management topic.)

Baseline infrastructure assessment. Assessing an operational environment is often a first step in an infrastructure engineering effort. The focus of the assessment should be based on the customer needs and requirements. Two examples are:

Assess a baseline configuration of an existing operational environment to use for gap analysis of an "as-is" versus a "to-be" architecture.

Compare a baseline configuration of an existing operational environment against a secure configuration standard for a security assessment.

Common security processes. Perform trusted, independent vulnerability assessments to highlight issues and help remedy and mitigate risk based on NIST, NSA, and leading industry practices in the information assurance and security realm. Document security vulnerabilities and provide recommendations for resolution, mapping the findings to NIST 800-53 [8] controls and providing a risk level report. Promote a standard set of commercial tools such as NetDoctor, Nessus®, or Wireshark where applicable. These tools reuse a "Findings Dictionary" to document common vulnerabilities and provide a consistent approach across assessors and assessment organizations. Multiple SEs from different organizations can all perform the same science, technology, and engineering for different customers in the enterprise following the same documented processes.

Technology transition testing. Leverage the effort of industry experts by partnering with accredited test laboratories. For example, preparing for changes to computer networks to support the IPv6 addressing plan requires a partnership with NIST, federal agencies, or government entities, and the wide range of commercial network equipment vendors. The IPv6 Transition effort is based on a "target architecture" to focus on operational testing. Test planning includes implementing a test laboratory architecture, proving out operational Dual Stack configurations, and identifying testing requirements for pilot deployment.

Next-generation network—The evolution continues. Network technologies and capabilities continue to evolve with the continued growth of the Internet. The current trend toward converged services is apparent and seen across the federal government. This shift requires a robust core and reliable end-to-end services at a minimum. Key next-generation network infrastructure attributes include:

Robust core technologies:

Multi-protocol label switching

High-end routers/switches

Convergence:

Voice, video, data on a single infrastructure

Broadband wireless access (4G/3G)

Mobile applications and value-add services and applications are drivers

An efficient infrastructure. An infrastructure should be measured to assess capacity, availability, infrastructure monitoring, energy efficiency, power and heat density, and performance. SEs follow best practices and applicable local codes and ordinances, using the ANSI [9], EIA [10], NEMA [11], and NEC [12] as references, and create recommendations for sponsors to follow based on standards. Currently, "green" initiatives cost more than standard infrastructure build-outs; however, when life-cycle costs can be shown to be equal (or less) based on operating savings (e.g., lower electric bill due to increased efficiencies), the effort to move to a green infrastructure may be justified. (For more details, see the articles in the Integrated Logistics Support topic.)

Mobile IT management and support. Mobile IT management and support for mobile devices have become standard business offerings that support the end user as devices and applications are frequently being used outside the workplace. As a result, mobile service offerings are expected to perform with the same level of connectivity, accessibility, and reliability in the workplace as the end user experiences outside of the business enterprise. Though mobile devices increase productivity, they also introduce security and vulnerability risks that management must address to maintain the integrity of the private infrastructures that support the devices.

Many mobile devices, including cellular phones, smartphones, and tablet computers, connect to networks via WiFi and 3G/4G Internet-based access to different applications. Although there is a strong desire to leverage off-the-shelf capabilities, many of these devices currently lack the necessary security features and assurances to guard against threats. Mobile IT introduces technological diversity and complexity. Each mobile device type and brand is different, but most have the following elements of a core system stack: browser, application programs, logical and network services, security services, physical services, kernel, boot loader, hardware interface services, CPU, and memory. IT departments should devise a common approach to mobile solutions or design patterns that develop more secure mobile solutions that are responsive to the security risks. Evolving security policies have blurred the lines between the personal and professional role of wireless devices and require security approaches that go beyond traditional firewalls. Most enterprise infrastructure architecture mapping efforts focus on fixed IT assets and the core applications that run on them. Mobile devices and applications are often unaccounted for in future plans of architectures. Required infrastructure engineering capabilities include:

Download the SEG

MITRE is an equal opportunity employer with an inclusive workplace where differences are valued.
MITRE welcomes resume submissions directly from individual job seekers. Unsolicited resumes from employment agencies will not be honored.